People and organizations are required to store personal information on servers owned by or controlled by commercial businesses such as banks, service providers, e-commerce websites and the like. The term commercial business also includes government agencies which offer goods or services to the person. The personal information includes personal as defined below. The personal information also includes action-based information, such as prior actions the person performed versus the commercial business, person's behavior as a user of the commercial business, dates of such actions and the like. The commercial businesses may keep the private information for multiple reasons, such as reducing legal liabilities, extracting business information from the action-based information and the like.
There are legal developments which limit the use of the personal information by the commercial businesses. One example of the legal development in General Data Protection Regulation (GDPR) which came into effect in Europe during 2018. The GDPR dictates multiple limitations on the manner of using the personal information by the commercial businesses, for example enabling users to control the personal information, for example via “the right to be forgotten”, which is defined technically by the user's ability to ask for deletion of his/her personal information from the servers controlled by the commercial business.
Some data security solutions address the new legal development, such as GDPR, for example strong authentication and data encryption products offerings enable commercial businesses to secure access to online resources and protect the digital interactions of employees, partners, and customers. Yet, these solutions fail to transfer control of the data from the commercial businesses to the users.